661
|
Linux секция за напреднали / Хардуерни и софтуерни проблеми / Re: Два интернет доставчика
|
-: Jul 05, 2009, 20:34
|
Ае , много с зле всичките , не му казвахте какво + какво + какво и да му давате линкове ... ами вземете дайте идеи... Пич този скрипт ползвам , той ми рутира и 2-двата нета Просто добави 2-та gateway-a и на кой лан картите се намират това е За въпроси пиши
root@greenbox-server:/etc/network# cat routing # Mandatory variables TABLE1=1 # The TABLE ID associated to your 1st ISP IF1=eth0 # The NIC name connected to your 1st ISP GW1=10.6.0.1 # 1st or Default Internet Service Provider Gateway (Router IP Address)
TABLE2=2 # The TABLE ID associated to your 2th ISP IF2=eth5 # The NIC name connected to your 2th ISP GW2=192.168.1.1 # 2th Internet Server Provider Gateway (Router IP Address)
#TABLE2=n # The TABLE ID associated to your n.. ISP # This line is an example # IF2=ethn # The NIC name connected to your n... ISP # This line is an example # GW2=192.168.nnn.nnn # n... Internet Provider Gateway # This line is an example
izbalancing() { # Command Syntax: $1 "InterfaceName" "TableID" "IPDefaultGateway" # Add a Command line for any external internet connection $1 $IF1 $TABLE1 $GW1 $1 $IF2 $TABLE2 $GW2 #$1 $IFn $TABLEn $GWn # This line is an example
if [ "$1" = "start" ] then # Misc $IP route del default $IP route add default equalize nexthop via $GW1 nexthop via $GW2 #$IP route add default equalize nexthop via $GW1 nexthop via $GW2 nexthop via $GWn # ...so on...
## NOTE!! # You must execute the following iptables rules if you want act as Load Balanced/MultiHomed GNU/Linux Firewall # > mangle table < $IPTABLES -t mangle -A PREROUTING -p ALL -j CONNMARK --restore-mark
$IPTABLES -t mangle -A PREROUTING -p ALL -i $IF1 -m mark --mark 0 -j MARK --set-mark $TABLE1 $IPTABLES -t mangle -A PREROUTING -p ALL -i $IF2 -m mark --mark 0 -j MARK --set-mark $TABLE2 # $IPTABLES -t mangle -A PREROUTING -p ALL -i $IFn -m mark --mark 0 -j MARK --set-mark $TABLEn # This line is an example
$IPTABLES -t mangle -A POSTROUTING -p ALL -o $IF1 -m state --state NEW -j MARK --set-mark $TABLE1 $IPTABLES -t mangle -A POSTROUTING -p ALL -o $IF2 -m state --state NEW -j MARK --set-mark $TABLE2 # $IPTABLES -t mangle -A POSTROUTING -p ALL -o $IFn -m state --state NEW -j MARK --set-mark $TABLEn # This line is an example
$IPTABLES -t mangle -A POSTROUTING -p ALL -m state --state NEW -j CONNMARK --save-mark
# > nat table < $IPTABLES -t nat -A POSTROUTING -p ALL -o $IF1 -m mark --mark $TABLE1 -j SNAT --to-source $(find_primary_ip $IF1) $IPTABLES -t nat -A POSTROUTING -p ALL -o $IF2 -m mark --mark $TABLE2 -j SNAT --to-source $(find_primary_ip $IF2) # $IPTABLES -t nat -A POSTROUTING -p ALL -o $IFn -m mark --mark $TABLEn -j SNAT --to-source $(find_primary_ip $IFn) # This line is an example fi }
# Default commands path IP=ip IPTABLES=iptables
############################################################################################### ############################################################################################### ## CONFIGURATION IS OVER, DON'T EDIT ANYTHING BELLOW ## ############################################################################################### ###############################################################################################
### $1 = Ethernet Interface Name ### $2 = Table Number ### $3 = Default Gateway
# Init default policies and variables init() { # Enable fast failover of broken gateways links (this isn't a real failover) echo "10" > /proc/sys/net/ipv4/route/gc_timeout
# Make this machine a Routing Machine(tm) :-) echo "1" > /proc/sys/net/ipv4/ip_forward
# Variables IF=$1 TABLE=$2 FWIP=$(find_primary_ip $IF) GWIP=$3
#echo "Init: IF=$IF TABLE=$TABLE FWIP=$FWIP GWIP=$GWIP IP=$IP" }
## STOP
# Stop izbalancing stop() { init $1 $2 $3 route_stop rule_stop }
# Reset routing tables route_stop() { # Flush whole routing table of current table if [ ! -z "$($IP route show table $TABLE)" ] then $IP route flush table $TABLE fi
# Reset to default Single Gateway if [ ! -z "$GW1" ] then $IP route del default $IP route add default via $GW1 fi # If you don't want to reset the routing cache every time you run this ******, comment the following line $IP route flush cache }
# Reset rule tables rule_stop() { # Flush whole rule table of current table (except for fwmark rules) $IP rule list | grep "lookup $TABLE" | grep -v "from all fwmark" | awk '{print $2" "$3" "$4" "$5" "$6" "$7}' $1 | while read RULE do $IP rule del $RULE done
# Flush whole fwmark rule table of current table $IP rule list | grep "lookup $TABLE" | grep "from all fwmark" | awk '{print $4" "$5" "$6" "$7}' $1 | while read RULE do $IP rule del $RULE done }
## START
# Start izbalancing Subsystem start() { #echo "1 Before init ($1 $2 $3)" init $1 $2 $3 #echo "2 Before stop ($1 $2 $3)" stop $1 $2 $3 #echo "3 Before route_start ($1 $2 $3)" route_start #echo "4 Before rule_start ($1 $2 $3)" rule_start }
route_start() { # Import from table 'default' to 'current table' the whole routing settings $IP route show table main | grep -Ev ^default | grep -Ev nexthop | while read ROUTE; do $IP route add table $TABLE $ROUTE; done # Add the default interface gateway to the current table $IP route add table $TABLE default via $GWIP }
# Add iproute2 rules in current table rule_start() { $IP rule add from $FWIP lookup $TABLE $IP rule add fwmark $TABLE lookup $TABLE
for IP_ALIAS in $(find_secondary_ip $IF) do $IP rule add from $IP_ALIAS lookup $TABLE done }
######################################################### # Autodetect IP number of specified network interface find_primary_ip() { if [ ! -z $1 ] then echo $($IP addr show $1 | grep 'inet' | grep -v ":" | awk '{print $2}' | sed -e 's/\/.*//') fi }
find_secondary_ip() { if [ ! -z $1 ] then echo $($IP addr show $1 | grep 'inet' | grep "$1:" | awk '{print $2}' | sed -e 's/\/.*//') fi }
############################################################################################### ## Valid ****** input from command line case $1 in stop) izbalancing stop ;; start) izbalancing start ;; restart) izbalancing start ;; *) echo "InitZero GNU/Linux Firewall/Router Incoming/Outgoing MultiHomed/LoadBalanced Subsystem" echo " < vsichko e nared>" echo "Version $VERSION" echo echo "Usage: $0 [OPTIONS]" echo echo "Available Options:" echo " start, Start the izbalancing subsystem" echo " stop, Stop the izbalancing subsystem" echo " restart, ReStart the izbalancing subsystem" echo echo " example: $0 start" exit 0 esac
## The End ###############################################################################################. root@greenbox-server:/etc/network#
|
|
|
662
|
Хардуер за Линукс / Десктопи / Re: Нещо като анкетка !!! - вие с каква машина сте и с каква дистрибуция на нея?
|
-: Jul 05, 2009, 01:48
|
И 2 -те мои гордости :Д Убунту и бсд root@----:~# date Sun Jul 5 01:44:37 EEST 2009 root@nzk-sofia:~# cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 23 model name : Intel(R) Xeon(R) CPU E5405 @ 2.00GHz
#_----------------------------------------$
root@------ [~]# cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 15 model name : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
free -m total used free shared buffers cached Mem: 5895 5458 437 0 351 4304 -/+ buffers/cache: 803 5092 Swap: 8110 0 8110 root@---------- [~]#
|
|
|
666
|
Linux секция за начинаещи / Настройка на програми / Re: Linksys router и chillifire
|
-: Jun 29, 2009, 11:20
|
Ти сигорен ли си че , не можеш да го ресетнеш ?
Press the ‘Chillifire’ tab. And you will be presented again with the logon screen. Enter ‘admin’ as user and ‘shae4.’ (notice the dot '.' at the end) as password (You can change the password later to anything you like.)
Това прочетели го ?
|
|
|
675
|
Linux секция за начинаещи / Настройка на програми / Re: Как да спра флоод на линух ?
|
-: Jun 12, 2009, 09:26
|
Добре де защо лъжете хората че нямало спиране пример
Chain INPUT (policy DROP) target prot opt source destination DROP all -- host2.highland-it.com anywhere DROP all -- 80.67.6.226 anywhere fail2ban-ProFTPD tcp -- anywhere anywhere tcp dpt:ftp fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh acctboth all -- anywhere anywhere ACCEPT all -- localhost anywhere ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:imaps ACCEPT tcp -- anywhere anywhere tcp dpt:smtps ACCEPT tcp -- anywhere anywhere tcp dpt:infowave ACCEPT tcp -- anywhere anywhere tcp dpt:radsec ACCEPT tcp -- anywhere anywhere tcp dpt:nbx-ser ACCEPT tcp -- anywhere anywhere tcp dpt:nbx-dir ACCEPT tcp -- anywhere anywhere tcp dpt:gnunet ACCEPT tcp -- anywhere anywhere tcp dpt:eli ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:cdc ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT tcp -- anywhere anywhere tcp dpt:ftp DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,UR
root@intersoft [~]# netstat -plan |grep :80 |wc -l 794
И
root@intersoft [~]# netstat -plan |grep :80 |grep SYN root@intersoft [~]#
Аз съм спрял всякъв вид флоод
Това е малка част от firewall-a mi , но като цяло това е едно доказателство , че нямам flood. И като незнаете не лажете хората че неможело да се спира , може и още как
|
|
|
|